Bank-grade security and operations
When documents contain highly sensitive information, you can’t afford to take risks. Protecting your data is DocuSign’s top priority—that’s why we offer bank-grade security and operations. DocuSign’s comprehensive approach to security ensures the confidentiality, integrity, availability, authenticity and enforceability of your DocuSign transactions.
DocuSign’s bank-grade security and operations provide:
- xDTM compliance - the highest standard of global information security and operations to protect your digital transactions
- Full document encryption to ensure the confidentiality of your data
- Robust anti-tamper controls so you can count on the integrity of your DocuSigned documents
- Redundant, geo-diverse data centers so your critical documents are backed up and always available
- The most authentication options to confirm the identity of all transacting parties
- Strongest level of enforceability and non-repudiation of your transactions
Unmatched security credentials
DocuSign meets and exceeds the most stringent US, EU, and global security standards. No other Digital Transaction Management (DTM) company can match the enterprise security and operations investments DocuSign has made—and third-party audit reports back it up. DocuSign is the only eSignature provider to be xDTM, ISO 27001 and SSAE 16 certified and tested internationally, across the entire company and its data centers. › Learn More
Keeps documents confidential
Only DocuSign provides full document encryption to ensure the confidentiality of your data. Documents stored in our ISO 27001 and SSAE 16 data centers are encrypted with the AES-256 standard and uses 256-bit SSL document transmission.
Only you and those you authorize have access to your documents. Your content stays confidential, including from DocuSign—employees never have access to your content. Rest assured that your personal information is safe with DocuSign. Your data is your data—DocuSign will never sell your information. › Learn More
Ensures document integrity
DocuSign employs strong anti-tamper controls to prevent any alteration of your signature or your documents. Our SHA-1 hashing verifies documents have not been modified and our PKI digital certificate technology secures documents and signatures with tamper-evident seals.
Leading system availability
DocuSign is the only DTM company with redundant and geo-diverse datacenters, including a disaster recovery facility, to ensure the highest levels of service availability. As a result of DocuSign’s continued investment in infrastructure, we are able to eliminate maintenance downtime and offer continuous availability, which ensures the highest level of data integrity and system resiliency. With DocuSign, your business critical documents are backed up and always available. › Learn More
Allows most authentication options
Many financial services, insurance, and healthcare companies use DocuSign’s advanced authentication methods to validate identity of all transacting parties, including texting an SMS code to another device, answering “secret knowledge” questions, and voice authorization.
Enforceability and non-repudiation of transactions
Our court admissible, digitally signed and tamper evident Certificate of Completion contains a comprehensive audit trail with signing parties’ names, digital signatures, email addresses, public IP addresses, chain of custody sent, viewed, signed, etc., timestamps, signing location (if provided) and more. DocuSign is willing to attest to the validity of DocuSigned documents, allowing DocuSign to warrant compliance with the ESIGN Act—the only eSignature company to do so. › Learn More
Full-time security team
DocuSign has invested heavily in a full-time security team, comprised of senior executives and led by a Chief Information Security Officer (CISO). The team oversees DocuSign’s comprehensive security protocol and conducts mandatory annual security training for all employees. DocuSign works closely with leading security experts to continually monitor the security landscape and evolve our security strategy.
Dedicated trust center
Only DocuSign maintains a Trust Center as the source for DocuSign’s latest security, system performance and availability information.
- Information on how we safeguard your data
- Our security certifications & tests
- Security updates & alerts
- System status, scheduled maintenance & availability
- Security best practices for your company
- Policies for handling your private information
Each component of our trusted platform—Applications & Access, and Transmission & Storage, Hardware & Infrastructure, Systems & Operations—undergoes tremendous security scrutiny. See the key tenets of the DocuSign platform below:
Applications & access
Transmission & storage
Hardware & infrastructure
Systems & operations